Ejemplo n.º 1
0
def test_login_info(client):
    # Make sure we can get user info when logged in already.

    json_authenticate(client)
    response = client.get(
        "/login", data={}, headers={"Content-Type": "application/json"}
    )
    assert response.status_code == 200
    assert response.jdata["response"]["user"]["id"] == "1"
    assert "last_update" in response.jdata["response"]["user"]
def test_bc_password(app, client_nc):
    # Test behavior of BACKWARDS_COMPAT_AUTH_TOKEN_INVALID
    response = json_authenticate(client_nc, email="*****@*****.**")
    token = response.json["response"]["user"]["authentication_token"]
    verify_token(client_nc, token)
    json_logout(client_nc, token)

    with capture_reset_password_requests() as requests:
        response = client_nc.post(
            "/reset",
            json=dict(email="*****@*****.**"),
            headers={"Content-Type": "application/json"},
        )
        assert response.status_code == 200

    reset_token = requests[0]["token"]

    data = dict(password="******", password_confirm="awesome sunset")
    response = client_nc.post(
        "/reset/" + reset_token + "?include_auth_token=1",
        json=data,
        headers={"Content-Type": "application/json"},
    )
    assert response.status_code == 200
    assert "authentication_token" in response.json["response"]["user"]

    # changing password should have rendered existing auth tokens invalid
    verify_token(client_nc, token, status=401)

    # but new auth token should work
    token = response.json["response"]["user"]["authentication_token"]
    verify_token(client_nc, token)
Ejemplo n.º 3
0
def test_bc_password(app, client_nc):
    # Test behavior of BACKWARDS_COMPAT_AUTH_TOKEN_INVALID
    response = json_authenticate(client_nc)
    token = response.json["response"]["user"]["authentication_token"]
    verify_token(client_nc, token)

    data = dict(
        password="******",
        new_password="******",
        new_password_confirm="new strong password",
    )
    response = client_nc.post(
        "/change?include_auth_token=1",
        json=data,
        headers={"Content-Type": "application/json", "Authentication-Token": token},
    )
    assert response.status_code == 200
    assert "authentication_token" in response.json["response"]["user"]

    # changing password should have rendered existing auth tokens invalid
    verify_token(client_nc, token, status=401)

    # but new auth token should work
    token = response.json["response"]["user"]["authentication_token"]
    verify_token(client_nc, token)
Ejemplo n.º 4
0
def test_sending_auth_token_with_json(client):
    response = json_authenticate(client)
    token = response.jdata["response"]["user"]["authentication_token"]
    data = '{"auth_token": "%s"}' % token
    response = client.post(
        "/token", data=data, headers={"Content-Type": "application/json"}
    )
    assert b"Token Authentication" in response.data
Ejemplo n.º 5
0
def test_sending_auth_token_with_json(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    data = '{"auth_token": "%s"}' % token
    response = client.post('/token',
                           data=data,
                           headers={'Content-Type': 'application/json'})
    assert b'Token Authentication' in response.data
Ejemplo n.º 6
0
def test_sending_auth_token_with_json(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    data = '{"auth_token": "%s"}' % token
    response = client.post(
        '/token',
        data=data,
        headers={
            'Content-Type': 'application/json'})
    assert b'Token Authentication' in response.data
Ejemplo n.º 7
0
def test_change_uniquifier(app, client_nc):
    # make sure that existing token no longer works once we change the uniquifier

    response = json_authenticate(client_nc)
    token = response.json["response"]["user"]["authentication_token"]
    verify_token(client_nc, token)

    # now change uniquifier
    with app.test_request_context("/"):
        user = app.security.datastore.find_user(email="*****@*****.**")
        app.security.datastore.reset_user_access(user)
        app.security.datastore.commit()

    verify_token(client_nc, token, status=401)

    # get new token and verify it works
    response = json_authenticate(client_nc)
    token = response.json["response"]["user"]["authentication_token"]
    verify_token(client_nc, token)
Ejemplo n.º 8
0
def test_token_change(app, client_nc):
    # Verify can change password using token auth only
    login_response = json_authenticate(client_nc)
    token = login_response.json["response"]["user"]["authentication_token"]

    data = dict(
        password="******",
        new_password="******",
        new_password_confirm="new strong password",
    )
    response = client_nc.post(
        "/change?include_auth_token=1",
        json=data,
        headers={"Content-Type": "application/json", "Authentication-Token": token},
    )
    assert response.status_code == 200
    assert "authentication_token" in response.json["response"]["user"]
Ejemplo n.º 9
0
def test_authn_freshness_nc(app, client_nc, get_message):
    # If don't send session cookie - then freshness always fails
    @auth_required(within=30)
    def myview():
        return Response(status=200)

    app.add_url_rule("/myview", view_func=myview, methods=["GET"])

    response = json_authenticate(client_nc)
    token = response.json["response"]["user"]["authentication_token"]
    h = {"Authentication-Token": token}

    # This should fail - should be a redirect
    response = client_nc.get("/myview", headers=h, follow_redirects=False)
    assert response.status_code == 302
    assert (response.location ==
            "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyview")
Ejemplo n.º 10
0
def test_auth_token_speed(app, client_nc):
    # To run with old algorithm you have to comment out fs_uniquifier check in UserMixin
    import timeit

    response = json_authenticate(client_nc)
    token = response.jdata["response"]["user"]["authentication_token"]

    def time_get():
        rp = client_nc.get(
            "/login",
            data={},
            headers={"Content-Type": "application/json", "Authentication-Token": token},
        )
        assert rp.status_code == 200

    t = timeit.timeit(time_get, number=50)
    print("Time for 50 iterations: ", t)
Ejemplo n.º 11
0
def test_token_query(in_app_context):
    # Verify that when authenticating with auth token (and not session)
    # that there is just one DB query to get user.
    app = in_app_context
    populate_data(app)
    client_nc = app.test_client(use_cookies=False)

    response = json_authenticate(client_nc)
    token = response.jdata["response"]["user"]["authentication_token"]
    current_nqueries = get_num_queries(app.security.datastore)

    response = client_nc.get(
        "/token",
        headers={"Content-Type": "application/json", "Authentication-Token": token},
    )
    assert response.status_code == 200
    end_nqueries = get_num_queries(app.security.datastore)
    assert current_nqueries is None or end_nqueries == (current_nqueries + 1)
Ejemplo n.º 12
0
def test_inactive_forbids_token(app, client_nc, get_message):
    """ Make sure that existing token doesn't work after
    user marked inactive
    """
    response = json_authenticate(client_nc)
    assert response.status_code == 200
    token = response.jdata["response"]["user"]["authentication_token"]
    headers = {"Authentication-Token": token}
    # make sure can access restricted page
    response = client_nc.get("/token", headers=headers)
    assert b"Token Authentication" in response.data

    # deactivate matt
    with app.test_request_context("/"):
        user = app.security.datastore.find_user(email="*****@*****.**")
        app.security.datastore.deactivate_user(user)
        app.security.datastore.commit()

    response = client_nc.get("/token", content_type="application/json", headers=headers)
    assert response.status_code == 401
Ejemplo n.º 13
0
def test_session_query(in_app_context):
    # Verify that when authenticating with auth token (but also sending session)
    # that there are 2 DB queries to get user.
    # This is since the session will load one - but auth_token_required needs to
    # verify that the TOKEN is valid (and it is possible that the user_id in the
    # session is different that the one in the token (huh?)
    app = in_app_context
    populate_data(app)
    client = app.test_client()

    response = json_authenticate(client)
    token = response.jdata["response"]["user"]["authentication_token"]
    current_nqueries = get_num_queries(app.security.datastore)

    response = client.get(
        "/token",
        headers={"Content-Type": "application/json", "Authentication-Token": token},
    )
    assert response.status_code == 200
    end_nqueries = get_num_queries(app.security.datastore)
    assert current_nqueries is None or end_nqueries == (current_nqueries + 2)
Ejemplo n.º 14
0
def test_invalid_json_auth(client):
    response = json_authenticate(client, password='******')
    assert b'"code": 400' in response.data
Ejemplo n.º 15
0
def test_ok_json_auth(client):
    response = json_authenticate(client)
    assert response.jdata['meta']['code'] == 200
    assert 'authentication_token' in response.jdata['response']['user']
Ejemplo n.º 16
0
def test_multi_auth_token(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    response = client.get('/multi_auth?auth_token=' + token)
    assert b'Token' in response.data
Ejemplo n.º 17
0
def test_token_auth_via_header_valid_token(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    headers = {"Authentication-Token": token}
    response = client.get('/token', headers=headers)
    assert b'Token Authentication' in response.data
Ejemplo n.º 18
0
def test_token_auth_via_querystring_valid_token(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    response = client.get('/token?auth_token=' + token)
    assert b'Token Authentication' in response.data
Ejemplo n.º 19
0
def test_token_auth_via_querystring_valid_token(client):
    response = json_authenticate(client)
    token = response.jdata["response"]["user"]["authentication_token"]
    response = client.get("/token?auth_token=" + token)
    assert b"Token Authentication" in response.data
Ejemplo n.º 20
0
def test_multi_auth_token(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    response = client.get('/multi_auth?auth_token=' + token)
    assert b'Token' in response.data
Ejemplo n.º 21
0
def test_multi_auth_token(client):
    response = json_authenticate(client)
    token = response.jdata["response"]["user"]["authentication_token"]
    response = client.get("/multi_auth?auth_token=" + token)
    assert b"Token" in response.data
Ejemplo n.º 22
0
def test_token_auth_via_header_valid_token(client):
    response = json_authenticate(client)
    token = response.jdata["response"]["user"]["authentication_token"]
    headers = {"Authentication-Token": token}
    response = client.get("/token", headers=headers)
    assert b"Token Authentication" in response.data
Ejemplo n.º 23
0
def test_token_auth_via_querystring_valid_token(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    response = client.get('/token?auth_token=' + token)
    assert b'Token Authentication' in response.data
Ejemplo n.º 24
0
def test_token_auth_via_header_valid_token(client):
    response = json_authenticate(client)
    token = response.jdata['response']['user']['authentication_token']
    headers = {"Authentication-Token": token}
    response = client.get('/token', headers=headers)
    assert b'Token Authentication' in response.data
Ejemplo n.º 25
0
def test_ok_json_auth(client):
    response = json_authenticate(client)
    assert response.jdata['meta']['code'] == 200
    assert 'authentication_token' in response.jdata['response']['user']
Ejemplo n.º 26
0
def test_invalid_json_auth(client):
    response = json_authenticate(client, password='******')
    assert b'"code": 400' in response.data
Ejemplo n.º 27
0
def test_ok_json_auth(client):
    response = json_authenticate(client)
    assert response.jdata["meta"]["code"] == 200
    assert "authentication_token" in response.jdata["response"]["user"]